RTRMON Should Port 53 Be Closed?

[Viktor Jaep]

I hope you don't mind it was quicker for me to grab just to show as an example.

Not a prob... Feel free to mark this post with the "RTRMON" tag, so it can be more easily identified, and stands out as support needed for questions regarding the tool, k?

 

[dandle]

There's no bug... I'm using the nmap tool to query the IP of your WAN0... and your BR0 interface. Definitely let us know what you find after reinstalling adguard.

The way this is phrased makes it sound like you personally just did this

I take it to mean the script that you created you're using the tool to help us query our interfaces

Not a prob... Feel free to mark this post with the "RTRMON" tag, so it can be more easily identified, and stands out as support needed for questions regarding the tool, k?

Will do! Thanks for the heads up on that and will report back on my findings after reinstalling Adguard.

 

[dandle]

Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.

After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)

67/udp open|filtered dhcps
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
3702/udp open|filtered ws-discovery
5353/udp open|filtered zeroconf

I'm guessing these are ok?

@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.

 

[SomeWhereOverTheRainBow]

Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.

After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)



I'm guessing these are ok?

@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.

Okay it is because adguardhome is listening on port 53 universally means it binds to every address. As long as you haven't open the port on the firewall then it is not accessible from outside your network. The same would happen if you were to use dnsmasq by itself.

 

[dandle]

Okay it is because adguardhome is listening on port 53 universally means it binds to every address. As long as you haven't open the port on the firewall then it is not accessible from outside your network. The same would happen if you were to use dnsmasq by itself.

@SomeWhereOverTheRainBow Thanks for the reply! It was alarming to see initially as you wouldn't expect to see that open on the WAN interface. So then is it safe to ignore? How would I make sure its ok. And no I haven't opened any ports on the Firewall.

 

[Viktor Jaep]

Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.

After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)

I'm guessing these are ok?

@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.

Those are fine... eventhough they show "open" under udp, they are also marked as "filtered"... which. means means that a firewall, filter, or other network obstacle is blocking the port.

 

[dandle]

Those are fine... eventhough they show "open" under udp, they are also marked as "filtered"... which. means means that a firewall, filter, or other network obstacle is blocking the port.

Thanks so much. That makes sense! One more thing. Port 53 open on the local interface (tcp/udp) is completely fine correct? Sorry as I mentioned not an advanced user!

 

[Viktor Jaep]

Thanks so much. That makes sense! One more thing. Port 53 open on the local interface (tcp/udp) is completely fine correct? Sorry as I mentioned not an advanced user!

Yep, that's perfectly fine... That's basically the DNS services your router is providing to your network/wireless clients in order to resolve IPs... You are on your way to becoming an advanced user the more you dive into this... Good work!

 

[dandle]

Okay it is because adguardhome is listening on port 53 universally means it binds to every address. As long as you haven't open the port on the firewall then it is not accessible from outside your network. The same would happen if you were to use dnsmasq by itself.

So with that said. Would you still recommend this to use? I really enjoyed using Adguard Home for the few days I had it active, but I want to be absolutely sure that it's safe and doesn't present any privacy/security concerns. Thanks.

 

[SomeWhereOverTheRainBow]

So with that said. Would you still recommend this to use? I really enjoyed using Adguard Home for the few days I had it active, but I want to be absolutely sure that it's safe and doesn't present any privacy/security concerns. Thanks.

It is safe to use. By default, the firewall blocks anything that you have not intentionally open via firewall settings page or port forwards.

 

[SomeWhereOverTheRainBow]

So with that said. Would you still recommend this to use? I really enjoyed using Adguard Home for the few days I had it active, but I want to be absolutely sure that it's safe and doesn't present any privacy/security concerns. Thanks.

What is the complete output of iptables-save, if you do not see a wan facing iptable rule showing port 53 open to inbound traffic (or an inbound port 53 traffic accept rule), then you are fine. That means anyone trying to access port 53 from wan side (or outside your network) will be dropped by the firewall with the rest of unsolicited inbound wan traffic. Just because a program or app listens on an interface does not mean that it is not blocked from wan side solicitation. There are multiple angles to understanding this stuff. You can't just run a netstat and assume you are in danger of unsolicited traffic breaking through. You need to check your firewall. Or even try to access it your self via your WanIp address from outside your network. If you are met by bad answers, then you are being dropped by your firewall while you try solicited traffic via wan side.

I also want to challenge you, please review my shell scripts. I am curious to see if you can find any line of code that mentions I open your port 53 via the firewall. Look for any lines of code where i invoke your firewall to wan side.

GitHub - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer: The Official Installer of AdGuardHome for Asuswrt-Merlin

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

 

[SomeWhereOverTheRainBow]

Ok. So this does appear to be related to Adguard Home. With it installed, I reran the 'Diagnostics' command in RTMON and again port 53 appeared open under WAN0 IP for both TCP and UDP.

After uninstallation, I ran 'Diagnostics' once more which now shows WAN0 IP empty for TCP. Though for UDP it shows the following as open (for both WAN and Local)



I'm guessing these are ok?

@SomeWhereOverTheRainBow Just wanted to loop you in if you have any ideas why this might be happening.

Those ones you see open on WAN are normal for you to have functioning internet.

 

[dandle]

What is the complete output of iptables-save, if you do not see a wan facing iptable rule showing port 53 open to inbound traffic (or an inbound port 53 traffic accept rule), then you are fine. That means anyone trying to access port 53 from wan side (or outside your network) will be dropped by the firewall with the rest of unsolicited inbound wan traffic. Just because a program or app listens on an interface does not mean that it is not blocked from wan side solicitation. There are multiple angles to understanding this stuff. You can't just run a netstat and assume you are in danger of unsolicited traffic breaking through. You need to check your firewall. Or even try to access it your self via your WanIp address from outside your network. If you are met by bad answers, then you are being dropped by your firewall while you try solicited traffic via wan side.

I also want to challenge you, please review my shell scripts. I am curious to see if you can find any line of code that mentions I open your port 53 via the firewall. Look for any lines of code where i invoke your firewall to wan side.

GitHub - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer: The Official Installer of AdGuardHome for Asuswrt-Merlin

The Official Installer of AdGuardHome for Asuswrt-Merlin - jumpsmm7/Asuswrt-Merlin-AdGuardHome-Installer

github.com

Thanks for clarifying! I've run the command but there's a large output and am unsure the syntax I should be looking for. I can't fully parse the output
Oh. I didn't mean to give the impression there was anything wrong with the code, sorry if it came across that way (to be honest, I wouldn't really know what to look for either). I just tend to be a little extra when it comes to these sort of things